Compound advanced policy expressions

You can configure an Advanced policy expression that contains Boolean or arithmetic operators and multiple atomic operations. The following compound expression contains a boolean AND:

http.req.hostname.eq("mycompany.com") && http.req.method.eq(post)

The following expression adds the value of two targets, and compares the result to a third value:

http.req.url.length + http.req.cookie.length \<= 500

A compound expression can contain any number of logical and arithmetic operators. The following expression evaluates the length of an HTTP request on the basis of its URL and cookie, evaluates text in the header, and performs a Boolean AND on these two results:

This operator is a logical OR. If any component of the expression that is joined by the OR evaluates to TRUE, the entire expression is TRUE.

!.

Performs a logical NOT on the expression.

In some cases, the Citrix ADC configuration utility offers AND, NOT, and OR operators in the Add Expression dialog box. However, these are of limited use. Citrix recommends that you use the operators &&,

, and ! to configure compound expressions that use Boolean logic.

Parentheses in compound expressions

You can use parentheses to control the order of evaluation of an expression. The following is an example:

Compound operations for strings

The following table describes operators that you can use to configure compound operations on string data.

Operations that produce a string value

Description

str + str

Concatenates the value of the expression on the left of the operator with the value on the right. Following is an example: http.req.hostname + http.req.url.protocol

str + num

Concatenates the value of the expression on the left of the operator with a numeric value on the right. Following is an example: http.req.hostname + http.req.url.content_length

num + str

Concatenates the numeric value of the expression on the left side of the operator with a string value on the right. Following is an example: http.req.url.content_length + http.req.url.hostname

str + ip

Concatenates the string value of the expression on the left side of the operator with an IP address value on the right. Following is an example: http.req.hostname + 10.00.000.00

ip + str

Concatenates the IP address value of the expression on the left of the operator with a string value on the right.Following is an example: client.ip.dst + http.req.url.hostname

str1 ALT str2

Uses the string1 or string2 value that is derived from the expression on either side of the operator, as long as neither of these expressions is a compound expressions. Following is an example: http.req.hostname alt client.ip.src

Operations on strings that produce a result of TRUE or FALSE

Description

str == str

Evaluates whether the strings on either side of the operator are the same. Following is an example: http.req.header(“myheader”) == http.res.header(“myheader”)

str <= str

Evaluates whether the string on the left side of the operator is the same as the string on the right, or precedes it alphabetically.

str >= str

Evaluates whether the string on the left side of the operator is the same as the string on the right, or follows it alphabetically.

str < str

Evaluates whether the string on the left side of the operator precedes the string on the right alphabetically.

str > str

Evaluates whether the string on the left side of the operator follows the string on the right alphabetically.

str !!= str

Evaluates whether the strings on either side of the operator are different.

Logical operations on strings

Description

bool && bool

This operator is a logical AND. When evaluating the components of the compound expression, all components that are joined by the AND must evaluate to TRUE. Following is an example: http.req.method.eq(GET) && http.req.url.query.contains(“viewReport && my_pagelabel”)

bool || bool

This operator is a logical OR. When evaluating the components of the compound expression, if any component of the expression that is joined by the OR evaluates to TRUE, the entire expression is TRUE. Following is an example: http.req.url.contains(“.js”)

http.res.header.(“Content-Type”).contains(“javascript”)

bool

Performs a logical NOT on the expression.

Compound operations for numbers

You can configure compound numeric expressions. For example, the following expression returns a numeric value that is the sum of an HTTP header length and a URL length:

http.req.header.length + http.req.url.length

The following tables describes operators that you can use to configure compound expressions for numeric data.

Arithmetic operations on numbers

Description

num + num

Add the value of the expression on the left of the operator to the value of the expression on the right. Following is an example: http.req.content_length + http.req.url.length

num – num

Subtract the value of the expression on the right of the operator from the value of the expression on the left.

num * num

Multiply the value of the expression on the left of the operator with the value of the expression on the right. Following is an example: client.interface.rxthroughput * 9

num / num

Divide the value of the expression on the left of the operator by the value of the expression on the right.

num % num

Calculate the modulo, or the numeric remainder on a division of the value of the expression on the left of the operator by the value of the expression on the right. For example, the values “15 mod 4” equals 3, and “12 mod 4” equals 0.

~number

Returns a number after applying a bitwise logical negation of the number. The following example assumes that numeric.expression returns 12 (binary 1100): ~numeric.expression. The result of applying the ~ operator is -11 (a binary 1110011, 32 bits total with all ones to the left). Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.

number ^ number

Compares two bit patterns of equal length and performs an XOR operation on each pair of corresponding bits in each number argument, returning 1 if the bits are different, and 0 if they are the same. Returns a number after applying a bitwise XOR to the integer argument and the current number value. If the values in the bitwise comparison are the same, the returned value is a 0. The following example assumes that numeric.expression1 returns 12 (binary 1100) and numeric.expression2 returns 10 (binary 1010): numeric.expression1 ^ numeric.expression2The result of applying the ^ operator to the entire expression is 6 (binary 0110). Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.

number | number

Returns a number after applying a bitwise OR to the number values. If either value in the bitwise comparison is a 1, the returned value is a 1. The following example assumes that numeric.expression1 returns 12 (binary 1100) and numeric.expression2 returns 10 (binary 1010): numeric.expression1

numeric.expression2The result of applying the

operator to the entire expression is 14 (binary 1110). Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.

number & number

Compares two bit patterns of equal length and performs a bitwise AND operation on each pair of corresponding bits, returning 1 if both of the bits contains a value of 1, and 0 if either bits are 0. The following example assumes that numeric.expression1 returns 12 (binary 1100) and numeric.expression2 returns 10 (binary 1010): numeric.expression1 & numeric.expression2 The whole expression evaluates to 8 (binary 1000). Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.

num « num

Returns a number after a bitwise left shift of the number value by the right-side number argument number of bits. Note that the number of bits shifted is integer modulo 32. The following example assumes that numeric.expression1 returns 12 (binary 1100) and numeric.expression2 returns 3: numeric.expression1 « numeric.expression2 The result of applying the LSHIFT operator is 96 (a binary 1100000).Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.

num » num

Returns a number after a bitwise right shift of the number value by the integer argument number of bits. Note that the number of bits shifted is integer modulo 32. The following example assumes that numeric.expression1 returns 12 (binary 1100) and numeric.expression2 returns 3: numeric.expression1 » numeric.expression2 The result of applying the RSHIFT operator is 1 (a binary 0001). Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.

Numeric operators that produce a result of TRUE or FALSE

Description

num == num

Determine if the value of the expression on the left of the operator is equal to the value of the expression on the right.

num != num

Determine if the value of the expression on the left of the operator is not equal to the value of the expression on the right.

num > num

Determine if the value of the expression on the left of the operator is greater than the value of the expression on the right.

num < num

Determine if the value of the expression on the left of the operator is less than the value of the expression on the right.

num >= num

Determine if the value of the expression on the left of the operator is greater than or equal to the value of the expression on the right.

num <= num

Determine if the value of the expression on the left of the operator is less than or equal to the value of the expression on the right

Functions for data types in the policy infrastructure

Simple expressions can return all of these data types. Therefore, you can create compound expressions that use arithmetic operators and logical operators to evaluate or return values of these data types. Additionally, you can use all of these values in policy expressions. Literal constants of type unsigned long can be specified by appending the string ul to the number. Literal constants of type double contain a period (.), an exponent, or both.

Arithmetic Operators, Logical Operators, and Type Promotion

In compound expressions, the following standard arithmetic and logical operators can be used for the double and unsigned long data types:

+, -, *, and /

%, ~, ^, &,

, <<, and >> (do not apply to double)

==, !=, >, <, >=, and <=

All of these operators have the same meaning as in the C programming language.

In all cases of mixed operations between operands of type integer, unsigned long, and double, type promotion is performed so that the operation can be performed on operands of the same type. A type of lower precedence is automatically promoted to the type of the operand with the highest precedence involved in the operation. The order of precedence (higher to lower) is as follows:

Double

Unsigned long

Integer

Therefore, an operation that returns a numeric result returns a result of the highest type involved in the operation.

For example, if the operands are of type integer and unsigned long, the integer operand is automatically converted to type unsigned long. This type conversion is performed even in simple expressions in which the type of data identified by the expression prefix does not match the type of data that is passed as the argument to the function. To illustrate such an example, in the operation HTTP.REQ.CONTENT_LENGTH.DIV(3ul), the integer returned by the prefix HTTP.REQ.CONTENT_LENGTH is automatically converted to unsigned long (the type of the data passed as the argument to the DIV() function), and an unsigned long division is performed. Similarly, the argument can be promoted in an expression. For example, HTTP.REQ.HEADER(“myHeader”).TYPECAST_DOUBLE_AT.DIV(5) promotes the integer 5 to type double and performs double-precision division.

For information about expressions for casting data of one type to data of another type, see Typecasting data.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.